Blog

Yesterday my time I experienced what I think was my first LLM hallucinating a responsible security disclosure. Honestly it was no curl situation, but I think it was still interesting. The bug is on launchpad.net if you’re interested in taking a look. I think in total I spent a couple of hours on the whole thing, with the hardest bit being trying to understand what the author was claiming. Fundamentally they had conflated being able to change the state of memory and other hardware inside their virtual machine with changing the state of those things for the hypervisor. They did not seem to understand that the video memory of the guest was not the video memory of the host for example. That said, I tried to be nice and I hope my replies were perhaps a little useful to them.